Pages

2015-02-23

CELL PHONES: HOW SPIES STOLE THE KEYS TO THE ENCRYPTION CASTLE

Vatic Note: As I have said many times before, I am a computer ludite, so this below is greek to me, but I suspect this is important to those who know what they are talking about. I just got that this was simply another way to spy on other nations leaders and people. I hope I am wrong, but I don't think so. I got that it was the British and their American lackeys that hacked into the network of the company that had the encryption keys and stole them.

I also got, through many previous blogs, about who has run Britain for a long time now, and who has recently expanded their control over the United States as well. I also know that Jerusalem has a massive NSA spy facility located there and they can spy on Americans exactly like the one in America can do, that is located in Utah.

So, who were the traitors that allowed that to happen and treasonously, gave up our privacy, against our bill of rights, to a foreign country? If this can happen when we still believe we are under our own sovereign system, can you imagine what they can do when they have total and unadulterated control of it all? I don't even want to imagine what they would do. Luckily, RH negs cannot be cloned, so that is at least something positive that they can't do.

THE GREAT SIM HEIST

HOW SPIES STOLE THE KEYS TO THE ENCRYPTION CASTLE

AMERICAN AND BRITISH spies
hacked into the internal computer network of the largest manufacturer
of SIM cards in the world, stealing encryption keys used to protect the
privacy of cellphone communications across the globe, according to
top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.

The hack was perpetrated by a joint unit consisting of operatives
from the NSA and its British counterpart Government Communications
Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document,
gave the surveillance agencies the potential to secretly monitor a
large portion of the world’s cellular communications, including both
voice and data.

The company targeted by the intelligence agencies, Gemalto,
is a multinational firm incorporated in the Netherlands that makes the
chips used in mobile phones and next-generation credit cards. Among its
clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless
network providers around the world. The company operates in 85 countries
and has more than 40 manufacturing facilities. One of its three global
headquarters is in Austin, Texas and it has a large factory in
Pennsylvania.

In all, Gemalto produces some 2 billion SIM cards a year. Its motto is “Security to be Free.”

With these stolen encryption keys, intelligence agencies can monitor
mobile communications without seeking or receiving approval from telecom
companies and foreign governments. Possessing the keys also sidesteps
the need to get a warrant or a wiretap, while leaving no trace on the
wireless provider’s network that the communications were intercepted.

Bulk key theft additionally enables the intelligence agencies to unlock
any previously encrypted communications they had already intercepted,
but did not yet have the ability to decrypt.

As part of the covert operations against Gemalto, spies from GCHQ —
with support from the NSA — mined the private communications of
unwitting engineers and other company employees in multiple countries.

Gemalto was totally oblivious to the penetration of its systems — and
the spying on its employees. “I’m disturbed, quite concerned that this
has happened,” Paul Beverly, a Gemalto executive vice president, told The Intercept.
“The most important thing for me is to understand exactly how this was
done, so we can take every measure to ensure that it doesn’t happen
again, and also to make sure that there’s no impact on the telecom
operators that we have served in a very trusted manner for many years.
What I want to understand is what sort of ramifications it has, or could
have, on any of our customers.”

He added that “the most important thing
for us now is to understand the degree” of the breach.

Leading privacy advocates and security experts say that the theft of
encryption keys from major wireless network providers is tantamount to a
thief obtaining the master ring of a building superintendent who holds
the keys to every apartment.

“Once you have the keys, decrypting traffic
is trivial,” says Christopher Soghoian, the principal technologist for
the American Civil Liberties Union. “The news of this key theft will
send a shock wave through the security community.”

Beverly said that after being contacted by The Intercept,
Gemalto’s internal security team began on Wednesday to investigate how
their system was penetrated and could find no trace of the hacks. When
asked if the NSA or GCHQ had ever requested access to
Gemalto-manufactured encryption keys, Beverly said, “I am totally
unaware. To the best of my knowledge, no.”

According to one secret GCHQ slide,
the British intelligence agency penetrated Gemalto’s internal networks,
planting malware on several computers, giving GCHQ secret access. We
“believe we have their entire network,” the slide’s author boasted about
the operation against Gemalto.

Additionally, the spy agency targeted unnamed cellular companies’
core networks, giving it access to “sales staff machines for customer
information and network engineers machines for network maps.” GCHQ also
claimed the ability to manipulate the billing servers of cell companies
to “suppress” charges in an effort to conceal the spy agency’s secret
actions against an individual’s phone.

Most significantly, GCHQ also
penetrated “authentication servers,” allowing it to decrypt data and
voice communications between a targeted individual’s phone and his or
her telecom provider’s network. A note accompanying the slide asserted
that the spy agency was “very happy with the data so far and [was]
working through the vast quantity of product.”

The Mobile Handset Exploitation Team (MHET), whose existence has
never before been disclosed, was formed in April 2010 to target
vulnerabilities in cellphones. One of its main missions was to covertly
penetrate computer networks of corporations that manufacture SIM cards,
as well as those of wireless network providers. The team included
operatives from both GCHQ and the NSA.

While the FBI and other U.S. agencies can obtain court orders
compelling U.S.-based telecom companies to allow them to wiretap or
intercept the communications of their customers, on the international
front this type of data collection is much more challenging.

Unless a
foreign telecom or foreign government grants access to their citizens’
data to a U.S. intelligence agency, the NSA or CIA would have to hack
into the network or specifically target the user’s device for a more
risky “active” form of surveillance that could be detected by
sophisticated targets. Moreover, foreign intelligence agencies would not
allow U.S. or U.K. spy agencies access to the mobile communications of
their heads of state or other government officials.

“It’s unbelievable. Unbelievable,” said Gerard Schouw, a member of
the Dutch Parliament, when told of the spy agencies’ actions. Schouw,
the intelligence spokesperson for D66, the largest opposition party in
the Netherlands, told The Intercept, “We don’t want to have the
secret services from other countries doing things like this.” Schouw
added that he and other lawmakers will ask the Dutch government to
provide an official explanation and to clarify whether the country’s
intelligence services were aware of the targeting of Gemalto, whose
official headquarters is in Amsterdam.

Last November, the Dutch government amended its
constitution to include explicit protection for the privacy of digital
communications, including those made on mobile devices. “We have, in the
Netherlands, a law on the [activities] of secret services. And hacking
is not allowed,” Schouw said. Under Dutch law, the interior minister
would have to sign off on such operations by foreign governments’
intelligence agencies. “I don’t believe that he has given his permission
for these kind of actions.”
The U.S. and British intelligence agencies pulled off the encryption
key heist in great stealth, giving them the ability to intercept and
decrypt communications without alerting the wireless network provider,
the foreign government or the individual user that they have been
targeted.

“Gaining access to a database of keys is pretty much game over
for cellular encryption,” says Matthew Green, a cryptography specialist
at the Johns Hopkins Information Security Institute. The massive key
theft is “bad news for phone security. Really bad news.”

AS CONSUMERS BEGAN to
adopt cellular phones en masse in the mid-1990s, there were no effective
privacy protections in place. Anyone could buy a cheap device from
RadioShack capable of intercepting calls placed on mobile phones. The
shift from analog to digital networks introduced basic encryption
technology, though it was still crackable by tech savvy computer science
graduate students, as well as the FBI and other law enforcement
agencies, using readily available equipment.

Today, second-generation (2G) phone technology, which relies on a
deeply flawed encryption system, remains the dominant platform globally,
though U.S. and European cellphone companies now use 3G, 4G and LTE
technology in urban areas. These include more secure, though not
invincible, methods of encryption, and wireless carriers throughout the
world are upgrading their networks to use these newer technologies.

It is in the context of such growing technical challenges to data
collection that intelligence agencies, such as the NSA, have become
interested in acquiring cellular encryption keys. “With old-fashioned
[2G], there are other ways to work around cellphone security without
those keys,” says Green, the Johns Hopkins cryptographer. “With newer
3G, 4G and LTE protocols, however, the algorithms aren’t as vulnerable,
so getting those keys would be essential.”

The privacy of all mobile communications — voice calls, text messages
and Internet access — depends on an encrypted connection between the
cellphone and the wireless carrier’s network, using keys stored on the
SIM, a tiny chip smaller than a postage stamp, which is inserted into
the phone. All mobile communications on the phone depend on the SIM,
which stores and guards the encryption keys created by companies like
Gemalto. SIM cards can be used to store contacts, text messages, and
other important data, like one’s phone number. In some countries, SIM
cards are used to transfer money. As The Interceptreported last year, having the wrong SIM card can make you the target of a drone strike.

SIM cards were not invented to protect individual communications —
they were designed to do something much simpler: ensure proper billing
and prevent fraud, which was pervasive in the early days of cellphones.
Soghoian compares the use of encryption keys on SIM cards to the way
Social Security numbers are used today. “Social security numbers were
designed in the 1930s to track your contributions to your government
pension,” he says. “Today they are used as a quasi national identity
number, which was never their intended purpose.”

Because the SIM card wasn’t created with call confidentiality in
mind, the manufacturers and wireless carriers don’t make a great effort
to secure their supply chain. As a result, the SIM card is an extremely
vulnerable component of a mobile phone. “I doubt anyone is treating
those things very carefully,” says Green. “Cell companies probably don’t
treat them as essential security tokens. They probably just care that
nobody is defrauding their networks.” The ACLU’s Soghoian adds, “These
keys are so valuable that it makes sense for intel agencies to go after
them.”

As a general rule, phone companies do not manufacture SIM cards, nor
program them with secret encryption keys. It is cheaper and more
efficient for them to outsource this sensitive step in the SIM card
production process. They purchase them in bulk with the keys pre-loaded
by other corporations. Gemalto is the largest of these SIM
“personalization” companies.

After a SIM card is manufactured, the encryption key, known as a
“Ki,” is burned directly onto the chip. A copy of the key is also given
to the cellular provider, allowing its network to recognize an
individual’s phone. In order for the phone to be able to connect to the
wireless carrier’s network, the phone — with the help of the SIM —
authenticates itself using the Ki that has been programmed onto the SIM.
The phone conducts a secret “handshake” that validates that the Ki on
the SIM matches the Ki held by the mobile company.

Once that happens,
the communications between the phone and the network are encrypted. Even
if GCHQ or the NSA were to intercept the phone signals as they are
transmitted through the air, the intercepted data would be a garbled
mess.

Decrypting it can be challenging and time-consuming. Stealing the
keys, on the other hand, is beautifully simple, from the intelligence
agencies’ point of view, as the pipeline for producing and distributing
SIM cards was never designed to thwart mass surveillance efforts.

One of the creators of the encryption protocol that is widely used
today for securing emails, Adi Shamir, famously asserted: “Cryptography
is typically bypassed, not penetrated.” In other words, it is much
easier (and sneakier) to open a locked door when you have the key than
it is to break down the door using brute force. While the NSA and GCHQ
have substantial resources dedicated to breaking encryption, it is not
the only way — and certainly not always the most efficient — to get at
the data they want. “NSA has more mathematicians on its payroll than any
other entity in the U.S.,” says the ACLU’s Soghoian.

“But the NSA’s
hackers are way busier than its mathematicians.”
GCHQ and the NSA could have taken any number of routes to steal SIM
encryption keys and other data. They could have physically broken into a
manufacturing plant. They could have broken into a wireless carrier’s
office. They could have bribed, blackmailed or coerced an employee of
the manufacturer or cellphone provider. But all of that comes with
substantial risk of exposure. In the case of Gemalto, hackers working
for GCHQ remotely penetrated the company’s computer network in order to
steal the keys in bulk as they were en route to the wireless network
providers.

SIM card “personalization” companies like Gemalto ship hundreds of
thousands of SIM cards at a time to mobile phone operators across the
world. International shipping records obtained by The Intercept show
that in 2011, Gemalto shipped 450,000 smart cards from its plant in
Mexico to Germany’s Deutsche Telekom in just one shipment.

In order for the cards to work and for the phones’ communications to
be secure, Gemalto also needs to provide the mobile company with a file
containing the encryption keys for each of the new SIM cards. These
master key files could be shipped via FedEx, DHL, UPS or another snail
mail provider. More commonly, they could be sent via email or through
File Transfer Protocol, FTP, a method of sending files over the
Internet.

The moment the master key set is generated by Gemalto or another
personalization company, but before it is sent to the wireless carrier,
is the most vulnerable moment for interception. “The value of getting
them at the point of manufacture is you can presumably get a lot of keys
in one go, since SIM chips get made in big batches,” says Green, the
cryptographer. “SIM cards get made for lots of different carriers in one
facility.” In Gemalto’s case, GCHQ hit the jackpot, as the company
manufactures SIMs for hundreds of wireless network providers, including
all of the leading U.S.— and many of the largest European — companies.

But obtaining the encryption keys while Gemalto still held them required finding a way into the company’s internal systems.

Diagram from a top-secret GCHQ slide.

TOP-SECRET GCHQ documents
reveal that the intelligence agencies accessed the email and Facebook
accounts of engineers and other employees of major telecom corporations
and SIM card manufacturers in an effort to secretly obtain information
that could give them access to millions of encryption keys. They did
this by utilizing the NSA’s X-KEYSCORE program, which allowed them
access to private emails hosted by the SIM card and mobile companies’
servers, as well as those of major tech corporations, including Yahoo
and Google.

In effect, GCHQ clandestinely cyberstalked Gemalto
employees, scouring their emails in an effort to find people who may
have had access to the company’s core networks and Ki-generating
systems. The intelligence agency’s goal was to find information that
would aid in breaching Gemalto’s systems, making it possible to steal
large quantities of encryption keys. The agency hoped to intercept the
files containing the keys as they were transmitted between Gemalto and
its wireless network provider customers.

GCHQ operatives identified key individuals and their positions within
Gemalto and then dug into their emails. In one instance, GCHQ zeroed in
on a Gemalto employee in Thailand who they observed sending
PGP-encrypted files, noting that if GCHQ wanted to expand its Gemalto
operations, “he would certainly be a good place to start.” They did not
claim to have decrypted the employee’s communications, but noted that
the use of PGP could mean the contents were potentially valuable.

The cyberstalking was not limited to Gemalto. GCHQ operatives wrote a
script that allowed the agency to mine the private communications of
employees of major telecommunications and SIM “personalization”
companies for technical terms used in the assigning of secret keys to
mobile phone customers.

Employees for the SIM card manufacturers and
wireless network providers were labeled as “known individuals and
operators targeted” in a top-secret GCHQ document.

According to that April 2010 document,
“PCS Harvesting at Scale,” hackers working for GCHQ focused on
“harvesting” massive amounts of individual encryption keys “in transit
between mobile network operators and SIM card personalisation centres”
like Gemalto. The spies “developed a methodology for intercepting these
keys as they are transferred between various network operators and SIM
card providers.” By that time, GCHQ had developed “an automated
technique with the aim of increasing the volume of keys that can be
harvested.”

The PCS Harvesting document acknowledged that, in searching for
information on encryption keys, GCHQ operatives would undoubtedly vacuum
up “a large number of unrelated items” from the private communications
of targeted employees. “[H]owever an analyst with good knowledge of the
operators involved can perform this trawl regularly and spot the
transfer of large batches of [keys].”

The document noted that many SIM card manufacturers transferred the
encryption keys to wireless network providers “by email or FTP with
simple encryption methods that can be broken … or occasionally with no
encryption at all.” To get bulk access to encryption keys, all the NSA
or GCHQ needed to do was intercept emails or file transfers as they were
sent over the Internet — something both agencies already do millions of
times per day. A footnote in the 2010 document observed that the use of
“strong encryption products … is becoming increasingly common” in
transferring the keys.

In its key harvesting “trial” operations in the first quarter of 2010, GCHQ successfully intercepted keys
used by wireless network providers in Iran, Afghanistan, Yemen, India,
Serbia, Iceland and Tajikistan. But, the agency noted, its automated key
harvesting system failed to produce results against Pakistani networks,
denoted as “priority targets” in the document, despite the fact that
GCHQ had a store of Kis from two providers in the country, Mobilink and
Telenor. “[I]t is possible that these networks now use more secure
methods to transfer Kis,” the document concluded.

From December 2009 through March 2010, a month before the Mobile
Handset Exploitation Team was formed, GCHQ conducted a number of trials
aimed at extracting encryption keys and other personalized data for
individual phones. In one two-week period, they accessed the emails of
130 people associated with wireless network providers or SIM card
manufacturing and personalization.

This operation produced nearly 8,000
keys matched to specific phones in 10 countries. In another two-week
period, by mining just six email addresses, they produced 85,000 keys.
At one point in March 2010, GCHQ intercepted nearly 100,000 keys for
mobile phone users in Somalia. By June, they’d compiled 300,000.
“Somali providers are not on GCHQ’s list of interest,” the document
noted. “[H]owever, this was usefully shared with NSA.”

The GCHQ documents only contain statistics for three months of
encryption key theft in 2010. During this period, millions of keys were
harvested. The documents stated explicitly that GCHQ had already created
a constantly evolving automated process for bulk harvesting of keys.
They describe active operations targeting Gemalto’s personalization
centers across the globe, as well as other major SIM card manufacturers
and the private communications of their employees.

A top-secret NSA document asserted that, as of 2009, the U.S. spy
agency already had the capacity to process between 12 and 22 million
keys per second for later use against surveillance targets. In the
future, the agency predicted, it would be capable of processing more
than 50 million per second. The document did not state how many keys
were actually processed, just that the NSA had the technology to perform
such swift, bulk operations. It is impossible to know how many keys
have been stolen by the NSA and GCHQ to date, but, even using
conservative math, the numbers are likely staggering.

GCHQ assigned “scores” to more than 150 individual email addresses
based on how often the users mentioned certain technical terms, and then
intensified the mining of those individuals’ accounts based on
priority. The highest-scoring email address was that of an employee of
Chinese tech giant Huawei, which the U.S. has repeatedly accused of
collaborating with Chinese intelligence.

In all, GCHQ harvested the
emails of employees of hardware companies that manufacture phones, such
as Ericsson and Nokia; operators of mobile networks, such as MTN
Irancell and Belgacom; SIM card providers, such as Bluefish and Gemalto;
and employees of targeted companies who used email providers, such as
Yahoo and Google.

During the three-month trial, the largest number of
email addresses harvested were those belonging to Huawei employees,
followed by MTN Irancell. The third largest class of emails harvested in
the trial were private Gmail accounts, presumably belonging to
employees at targeted companies.

“PEOPLE WERE SPECIFICALLY
HUNTED AND TARGETED BY INTELLIGENCE AGENCIES, NOT BECAUSE THEY DID
ANYTHING WRONG, BUT BECAUSE THEY COULD BE USED.”

The GCHQ program targeting Gemalto was called DAPINO GAMMA. In 2011,
GCHQ launched operation HIGHLAND FLING to mine the email accounts of
Gemalto employees in France and Poland. A top-secret document on the
operation stated that one of the aims was “getting into French HQ” of
Gemalto “to get in to core data repositories.” France, home to one of
Gemalto’s global headquarters, is the nerve center of the company’s
worldwide operations.

Another goal was to intercept private
communications of employees in Poland that “could lead to penetration
into one or more personalisation centers” — the factories where the
encryption keys are burned onto SIM cards.

As part of these operations, GCHQ operatives acquired the usernames
and passwords for Facebook accounts of Gemalto targets. An internal
top-secret GCHQ wiki on the program from May 2011 indicated that GCHQ
was in the process of “targeting” more than a dozen Gemalto facilities
across the globe, including in Germany, Mexico, Brazil, Canada, China,
India, Italy, Russia, Sweden, Spain, Japan and Singapore.

The document also stated that GCHQ was preparing similar key theft
operations against one of Gemalto’s competitors, Germany-based SIM card
giant Giesecke and Devrient.

On January 17, 2014, President Barack Obama gave a major address on
the NSA spying scandal. “The bottom line is that people around the
world, regardless of their nationality, should know that the United
States is not spying on ordinary people who don’t threaten our national
security and that we take their privacy concerns into account in our
policies and procedures,” he said.

The monitoring of the lawful communications of employees of major
international corporations shows that such statements by Obama, other
U.S. officials and British leaders — that they only intercept and
monitor the communications of known or suspected criminals or terrorists
— were untrue.

“The NSA and GCHQ view the private communications of
people who work for these companies as fair game,” says the ACLU’s
Soghoian. “These people were specifically hunted and targeted by
intelligence agencies, not because they did anything wrong, but because
they could be used as a means to an end.”

The article is reproduced in accordance with Section 107 of title 17 of the Copyright Law of the United States relating to fair-use and is for the purposes of criticism, comment, news reporting, teaching, scholarship, and research.